Skip to content

[codex] Fix server handler payload aliases#1990

Draft
bokelley wants to merge 1 commit into
mainfrom
bokelley/issue-1988
Draft

[codex] Fix server handler payload aliases#1990
bokelley wants to merge 1 commit into
mainfrom
bokelley/issue-1988

Conversation

@bokelley
Copy link
Copy Markdown
Contributor

@bokelley bokelley commented May 24, 2026

Summary

  • Add named server *Payload and *HandlerResult aliases across decisioning surfaces and re-export them from @adcp/sdk/server.
  • Keep server payload annotations response-safe by stripping protocol envelope fields plus write-only webhook credentials and billing bank coordinates.
  • Align raw response builders with the public payload types by stripping nested account credentials/bank fields and media-buy invoice-recipient bank fields at runtime.
  • Expand repo and packed-adopter type guards for Result<Payload, E>, TaskHandoff, account handler aliases, broad alias exports, and write-only field stripping.

Root Cause

The previous tests covered direct SalesPlatform payload returns, but not adopter helper layers that annotate results as Result<GeneratedWireResponse, E>. Those generated response types include protocol task-envelope fields such as status: TaskStatus, so adopter helpers were forced to return envelope fields that the SDK owns and stamps later.

During expert review, we also found that widening public payload aliases needed to stay aligned with the write-only response contract for nested webhook credentials and bank details. This PR fixes both the type surface and the raw response-builder runtime projection.

Expert Review

  • Protocol review flagged the raw response-builder runtime/type mismatch for nested account credentials and bank fields; fixed with runtime stripping and regression tests.
  • Security review flagged write-only authentication.credentials and BusinessEntity.bank exposure risk in public aliases; fixed in ServerPayload<T> and guarded by type tests.
  • Code review flagged no remaining blockers after the runtime/type fixes.
  • Product review asked for broader alias coverage, account handler alias guards, and migration guidance; all added.

Validation

  • npm run typecheck
  • npm run build:lib
  • node --test test/server-responses.test.js test/lib/account-notification-config-projection.test.js
  • npm run check:adopter-types
  • git diff --check
  • Pre-push hook: typecheck + build:lib

Fixes #1988

github-code-quality[bot]
github-code-quality Bot found potential problems May 24, 2026
View reviewed changes
Comment thread src/lib/server/decisioning/decisioning.type-checks.ts
const auth = listAccounts.accounts[0]?.notification_configs?.[0]?.authentication;
if (auth) {
// @ts-expect-error — response payload aliases must not expose write-only webhook credentials.
auth.credentials;
Comment thread src/lib/server/decisioning/decisioning.type-checks.ts
const embeddedAuth = createBuy.account?.notification_configs?.[0]?.authentication;
if (embeddedAuth) {
// @ts-expect-error — embedded account payloads get the same response-safe projection.
embeddedAuth.credentials;
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@github-code-quality github-code-quality[bot] github-code-quality[bot] left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

v8 beta server handler types require protocol envelope status for payload returns

1 participant

@bokelley